How the CIA’s hacking tools are different from what Snowden revealed

The U.S. intelligence world is reeling once again from a massive leak of sensitive data, this time belonging to the CIA, with WikiLeaks laying out in stark detail just how the agency is capable of hacking into pretty much every electronic device you own.

The scale of the initial leak — over 8,000 documents representing just 1 percent of all the data stolen — is massive, and it’s tempting to compare it to the infamous leak of NSA documents by Edward Snowden in 2013. But the disclosure of CIA hacking tools and capabilities differs in a number of significant ways from the Snowden leaks.

Unlike the leak of NSA data by Snowden almost four years ago, this is not about indiscriminate, mass surveillance — it is about targeted surveillance by the CIA. As security expert Rob Graham points out, “There’s no overlap or turf war with the NSA” because the CIA conducts its hacking locally — physically hacking into devices — while the NSA takes a more remote approach, monitoring signal intelligence.

Since the documents were published, there’s been some inaccurate and dangerous reporting on the scope of the CIA’s capabilities — making it even more difficult to ascertain what this all means.

What happened?

On Tuesday, WikiLeaks published the biggest trove of leaked documents in the CIA’s history. Dubbed “Vault 7, Year Zero,” the 8,761 leaked documents show the range of hacking tools the agency has at its disposal to spy on targets.

The U.S. intelligence world is reeling once again from a massive leak of sensitive data, this time belonging to the CIA, with WikiLeaks laying out in stark detail just how the agency is capable of hacking into pretty much every electronic device you own.

The scale of the initial leak — over 8,000 documents representing just 1 percent of all the data stolen — is massive, and it’s tempting to compare it to the infamous leak of NSA documents by Edward Snowden in 2013. But the disclosure of CIA hacking tools and capabilities differs in a number of significant ways from the Snowden leaks.

Unlike the leak of NSA data by Snowden almost four years ago, this is not about indiscriminate, mass surveillance — it is about targeted surveillance by the CIA. As security expert Rob Graham points out, “There’s no overlap or turf war with the NSA” because the CIA conducts its hacking locally — physically hacking into devices — while the NSA takes a more remote approach, monitoring signal intelligence.

Since the documents were published, there’s been some inaccurate and dangerous reporting on the scope of the CIA’s capabilities — making it even more difficult to ascertain what this all means.

What happened?

On Tuesday, WikiLeaks published the biggest trove of leaked documents in the CIA’s history. Dubbed “Vault 7, Year Zero,” the 8,761 leaked documents show the range of hacking tools the agency has at its disposal to spy on targets.

The documents lay out in significant detail how agents at CIA’s Center for Cyber Intelligence in Langley, Virginia, are capable of compromising the security of many devices, including iPhones and Android smartphones, Windows PCs, Mac laptops, and even Samsung televisions — which it can turn into remote listening devices.

The CIA hasn’t confirmed the veracity of the documents — it says it doesn’t “comment on the authenticity or content of purported intelligence documents” — but the cache is almost universally seen as authentic by security experts.

WikiLeaks describes the complete Vault 7 trove of data as “the entire hacking capacity of the CIA” and Tuesday’s dump represents just 1 percent of that.

Is this important?

This is a major leak of top-secret documents stolen from the CIA. For the general public the knowledge that the government has a cache of hacking tools capable of breaking into pretty much every device you own, will be worrying.

The leak won’t however come as any surprise to those within the security industry. The CIA is a spying organization and in the digital age, that means it needs hacking tools. “For those of us that that work in security circles it’s not at all surprising that the government has offensive capabilities like this,” security expert Troy Hunt told VICE News. “I mean this is sort of what we expect of governments to some degree.”

Graham adds that what has been exposed is not even that sophisticated: “Most of this dump is child’s play, simply malware/trojans cobbled together from bits found on the Internet.”

What has Silicon Valley said?

The documents show the CIA was using zero day vulnerabilities — flaws in the software which have not been made public — to hack into devices running iOS, Android, Windows and macOS, and this will once again anger the tech giants at Silicon Valley.

So far companies like Apple, Microsoft and Samsung have responded to the leaks by saying they are aware of the report and they are working to fix any vulnerabilities. In an emailed statement to VICE News, Apple said: “While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”

Google has yet to respond to requests for comment about the leaks, despite the fact that the documents say the CIA can “penetrate, infest and control” Android phones due to its discovery and acquisition of zero day bugs.

This suggests the CIA made a deliberate decision to undermine U.S. tech companies “The leak tells us a bit about how the CIA decided to use its knowledge: it considered it more important to keep everybody insecure than protecting its citizens from the vulnerability, and maybe use the vulnerability for its own purposes or counter terrorism purposes,” security expert Mikko Hypponen told VICE News.

Should I be worried?

Unless you are a foreign adversary of the U.S. government who has legitimate reason to believe the CIA is targeting you, then nothing in this dump should worry you specifically.

WikiLeaks has not released the technical details of the hacking tools which the CIA uses, meaning criminal hackers cannot make use of them to target the general public.

But hasn’t WhatsApp encryption been compromised?

WikiLeaks did seem to suggest the encryption built into messaging apps like WhatsApp, Telegram and Signal was compromised by the CIA, when it tweeted:

However, this is inaccurate. The encryption which underpins these messaging apps remains intact. What the Vault 7 dump shows is that if the operating system of a target’s smartphone has been compromised, then CIA agents can access all the information stored on the phone.

A number of media outlets parroted WikiLeaks claims, and as pointed out by Zeynep Tufeki, a fellow at the Center for Information Technology Policy at Princeton University, just suggesting these apps are compromised could make those who need them most use alternatives which are inherently less secure.

Who leaked the files?

No one knows. WikiLeaks typically doesn’t say anything about the sources of its leaks — only to deny that they come from Russia — but this time around it offered this interesting tidbit of information:

“The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

This would seem to suggest that the leak has come from someone inside the CIA, who managed to steal the documents without being caught before passing them to WikiLeaks. What is particularly ironic is that there is a page contained within the leaked documents contains details of an initiative on how to prevent leaks.

There are some experts suggesting this leak is part of the ongoing Russian disinformation campaign and the documents would allow U.S. President Donald Trump point the finger of blame at the CIA for the attack on the DNC server.

So did the CIA hack the DNC server?

You may have read something along those lines on websites like Breitbart. The basis for these reports is a tool call Umbrage which is described in the documents. According to WikiLeaks press release, the tool can be used to leave a digital fingerprint during an attack which will point to another perpetrator, with WikiLeaks specifically mentioning Russia in relation to this.

Umbrage is a sort of code repository for CIA agents who don’t want to write their own code. It contains malware cobbled together from various sources and the CIA can use it to make attribution more difficult when it attacks a target.

The problem with the WikiLeaks/Breitbart viewpoint that suggests the CIA impersonated the Russian government, is that the specific malware used by the DNC hackers is nowhere to be found on the list used by the CIA which was released Tuesday.

What happens next?

A lot of questions about the leak remain:

As WikiLeaks has said, the documents released on Tuesday represent a tiny fraction of the entire Vault 7 cache, which means that we are going to find out more about the CIA’s hacking capabilities in the weeks and months to come. The group has given no indication of what the rest of the documents contain.